ARTEMIS-4712 remove LDAP connection pooling

Justin Bertram 2024-04-04 10:43:54 -05:00 committed by clebertsuconic
parent 0fad7ece87
commit baa8710fa2
5 changed files with 20 additions and 86 deletions


@ -94,7 +94,6 @@ public class LDAPLoginModule implements AuditLoginModule {
REFERRAL("referral"),
IGNORE_PARTIAL_RESULT_EXCEPTION("ignorePartialResultException"),
PASSWORD_CODEC("passwordCodec"),
CONNECTION_POOL("connectionPool"),
CONNECTION_TIMEOUT("connectionTimeout"),
READ_TIMEOUT("readTimeout"),
NO_CACHE_EXCEPTIONS("noCacheExceptions");
@ -660,9 +659,6 @@ public class LDAPLoginModule implements AuditLoginModule {
env.put(Context.SECURITY_PROTOCOL, getLDAPPropertyValue(ConfigKey.CONNECTION_PROTOCOL));
env.put(Context.PROVIDER_URL, getLDAPPropertyValue(ConfigKey.CONNECTION_URL));
env.put(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(ConfigKey.AUTHENTICATION));
if (isLoginPropertySet(ConfigKey.CONNECTION_POOL)) {
env.put("com.sun.jndi.ldap.connect.pool", getLDAPPropertyValue(ConfigKey.CONNECTION_POOL));
}
if (isLoginPropertySet(ConfigKey.CONNECTION_TIMEOUT)) {
env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(ConfigKey.CONNECTION_TIMEOUT));
}
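Review bot: A `login.config` that still sets `connectionPool=true` is now ignored without any signal to the operator, because `CONNECTION_POOL` is gone from `ConfigKey` and the `isLoginPropertySet(ConfigKey.CONNECTION_POOL)` branch is removed with nothing in its place. A one-time warning where the module reads its options (outside these hunks) would make the behaviour change visible in the broker log, with a message along the lines of `connectionPool is no longer supported and is ignored (ARTEMIS-4712)`. With pooling removed, each login presumably opens its own connection to the directory, and the connect timeout below is applied only when `connectionTimeout` is configured. A short comment above the `CONNECTION_TIMEOUT` check, such as `// no default: set connectionTimeout (and readTimeout) so a stalled directory cannot hold login threads`, would help whoever tunes this next. The method containing these `env.put` calls starts and ends outside the hunk, so how the remaining options are handled is not visible here.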


@ -32,15 +32,13 @@ import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import org.apache.directory.server.annotations.CreateLdapServer;
@ -48,13 +46,12 @@ import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.lang.invoke.MethodHandles;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@ -139,57 +136,6 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
assertTrue("sessions still active after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length == 0));
}
@Test
public void testLoginPooled() throws Exception {
CallbackHandler callbackHandler = callbacks -> {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
((NameCallback) callbacks[i]).setName("first");
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
};
LoginContext context = new LoginContext("LDAPLoginPooled", callbackHandler);
context.login();
context.logout();
// again
context.login();
context.logout();
// new context
context = new LoginContext("LDAPLoginPooled", callbackHandler);
context.login();
context.logout();
Executor pool = Executors.newCachedThreadPool();
for (int i = 0; i < 20; i++) {
pool.execute(() -> {
try {
LoginContext context1 = new LoginContext("LDAPLoginPooled", callbackHandler);
context1.login();
context1.logout();
} catch (Exception ignored) {
}
});
}
/*
* The number of sessions here is variable due to the pool used to create the LoginContext objects and the pooling
* for the LDAP connections (which are managed by the JVM implementation). We really just need to confirm that
* there are still connections to the LDAP server open even after all the LoginContext objects are closed as that
* will indicate the LDAP connection pooling is working.
*/
assertTrue("not enough active sessions after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length >= 5));
((ExecutorService) pool).shutdown();
((ExecutorService) pool).awaitTermination(2, TimeUnit.SECONDS);
}
public interface Condition {
boolean isSatisfied() throws Exception;
}


@ -49,27 +49,6 @@ LDAPLogin {
;
};
LDAPLoginPooled {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
debug=true
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL="ldap://localhost:1024"
connectionUsername="uid=admin,ou=system"
connectionPassword=secret
connectionProtocol=s
authentication=simple
userBase="ou=system"
userSearchMatching="(uid={0})"
userSearchSubtree=false
roleBase="ou=system"
roleName=cn
roleSearchMatching="(member=uid={1},ou=system)"
roleSearchSubtree=false
connectionPool=true
connectionTimeout="2000"
;
};
UnAuthenticatedLDAPLogin {
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
debug=true


@ -616,10 +616,6 @@ currently, the only supported value is a blank string.
In future, this option will allow you to select the Secure Socket Layer (SSL) for the connection to the directory server.
This option must be set explicitly to an empty string, because it has no default value.
connectionPool::
boolean, enable the LDAP connection pool property 'com.sun.jndi.ldap.connect.pool'.
Note that the pool is https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html[configured at the jvm level with system properties].
connectionTimeout::
specifies the string representation of an integer representing the connection timeout in milliseconds.
If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt.


@ -12,6 +12,23 @@ NOTE: If the upgrade spans multiple versions then the steps from *each* version
NOTE: Follow the general upgrade procedure outlined in the xref:upgrading.adoc#upgrading-the-broker[Upgrading the Broker] chapter in addition to any version-specific upgrade instructions outlined here.
== 2.34.0
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=...[Full release notes]
=== Highlights
* A
* B
* C
=== Upgrading from 2.33.0
* Due to https://issues.apache.org/jira/browse/ARTEMIS-4712[ARTEMIS-4712] the connection pooling functionality configured via the `connectionPool` property in `login.config` is no longer supported in the `LDAPLoginModule`.
The `login.config` may still use the `connectionPool` property.
No error will be thrown.
However, connections will no longer be pooled regardless of the configuration.
== 2.33.0
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=12354184[Full release notes]